Security Advisory - Important: jbossweb security update

Advisory: RHSA-2011:0210-1
Type: Security Advisory
Severity: Important
Issued on: 2011-02-10
Last updated on: 2011-02-10
Affected Products:
    JBoss Enterprise Application Platform 4.2.0 EL4
    JBoss Enterprise Application Platform 4.2.0 EL5
    JBoss Enterprise Application Platform 4.3.0 EL4
    JBoss Enterprise Application Platform 4.3.0 EL5
    JBoss Enterprise Application Platform 5 EL4
    JBoss Enterprise Application Platform 5 EL5
CVEs (cve.mitre.org): CVE-2010-4476

Details

Updated jbossweb packages that fix one security issue are now available for
JBoss Enterprise Application Platform 4.2, 4.3, and 5.1, for Red Hat
Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

JBoss Web Server is the web container, based on Apache Tomcat, in JBoss
Enterprise Application Platform. It provides a single deployment platform
for the JavaServer Pages (JSP) and Java Servlet technologies.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
JBoss Web Server to hang via a specially-crafted HTTP request.
(CVE-2010-4476)

Users of JBoss Web Server should upgrade to these updated packages, which
contain a backported patch to correct this issue. The JBoss server process
must be restarted for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
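
To confirm that a host carries a fixed build after the update, the following added example (not part of the Red Hat advisory) classifies `rpm -q jbossweb` output against the fixed builds listed under "Updated packages". The `rpmvercmp` function is a simplified reimplementation of RPM's ordering without epoch or tilde handling; the `(major.minor, dist tag)` keying, the function names and the sample inventory lines are assumptions constructed for illustration.

```python
import re

# Fixed jbossweb builds, copied from this advisory's "Updated packages" list.
# Keying by (major.minor, dist tag) is an assumption made for this example.
FIXED = {
    ("2.0", "el4"): "jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4",
    ("2.0", "el5"): "jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5",
    ("2.1", "el4"): "jbossweb-2.1.10-5.patch01.1.ep5.el4",
    ("2.1", "el5"): "jbossweb-2.1.10-5.patch01.1.1.ep5.el5",
}

def rpmvercmp(a, b):
    """Compare RPM version/release strings segment by segment (no epoch or tilde)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than a letter one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def split_nvr(nvr):
    """Split 'name-version-release[.noarch]' into [name, version, release]."""
    if nvr.endswith(".noarch"):
        nvr = nvr[: -len(".noarch")]
    return nvr.rsplit("-", 2)

def status(installed):
    """Classify one line of `rpm -q jbossweb` output."""
    try:
        name, version, release = split_nvr(installed.strip())
    except ValueError:  # e.g. "package jbossweb is not installed"
        return "unknown"
    key = (".".join(version.split(".")[:2]), release.rsplit(".", 1)[-1])
    if name != "jbossweb" or key not in FIXED:
        return "unknown"
    _, fixed_ver, fixed_rel = split_nvr(FIXED[key])
    order = rpmvercmp(version, fixed_ver) or rpmvercmp(release, fixed_rel)
    return "patched" if order >= 0 else "vulnerable"

if __name__ == "__main__":
    # Constructed inventory lines, not taken from any real host.
    for line in ("jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4",
                 "jbossweb-2.0.0-6.CP14.0jpp.ep1.1.el5",
                 "jbossweb-2.1.10-5.ep5.el5.noarch"):
        print(f"{status(line):10} {line}")
```

A "patched" result only reflects the package on disk; as the advisory states, the JBoss server process must be restarted for the update to take effect.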

Updated packages

JBoss Enterprise Application Platform 4.2.0 EL4

SRPMS:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHBA-2011:1297

IA-32:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4.noarch.rpm

x86_64:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4.noarch.rpm
 
JBoss Enterprise Application Platform 4.2.0 EL5

SRPMS:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.src.rpm
File outdated by:  RHBA-2011:1298

IA-32:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.noarch.rpm

x86_64:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.noarch.rpm
 
JBoss Enterprise Application Platform 4.3.0 EL4

SRPMS:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4.src.rpm
File outdated by:  RHBA-2011:1297

IA-32:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHBA-2011:1297

x86_64:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el4.noarch.rpm
File outdated by:  RHBA-2011:1297
 
JBoss Enterprise Application Platform 4.3.0 EL5

SRPMS:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.src.rpm
File outdated by:  RHBA-2011:1298

IA-32:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.noarch.rpm
File outdated by:  RHBA-2011:1298

x86_64:
jbossweb-2.0.0-8.CP15.patch01.0jpp.ep1.1.el5.noarch.rpm
File outdated by:  RHBA-2011:1298
 
JBoss Enterprise Application Platform 5 EL4

SRPMS:
jbossweb-2.1.10-5.patch01.1.ep5.el4.src.rpm
File outdated by:  RHSA-2013:0629

IA-32:
jbossweb-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-lib-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629

x86_64:
jbossweb-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-lib-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.ep5.el4.noarch.rpm
File outdated by:  RHSA-2013:0629
 
JBoss Enterprise Application Platform 5 EL5

SRPMS:
jbossweb-2.1.10-5.patch01.1.1.ep5.el5.src.rpm
File outdated by:  RHSA-2013:0629

IA-32:
jbossweb-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-lib-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629

x86_64:
jbossweb-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-jsp-2.1-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-lib-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629
jbossweb-servlet-2.5-api-2.1.10-5.patch01.1.1.ep5.el5.noarch.rpm
File outdated by:  RHSA-2013:0629
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/